Receiving a private key from server admin: ok or not?

It is exactly as you say: The whole concept of public key authentication is that the private key should only be known to the owner, while the corresponding public key can be widely disseminated. The security of your authentication depends on the security of the private key, not on the security of the public key.

The fact that somebody else provides you with a private key automatically makes it compromised. (You don't know if that other admin still has a copy which can be used to impersonate you.)


For that key, the organization doesn't have non-repudiation. I.e., if someone does something abusive or destructive to that system using 'your' key, the admin can't point the blame at you for being solely responsible for it, since the person that gave it to you also had the key. It probably isn't that bad for you, since it gives you a defense, but it is horrible for the organization controlling the server if something bad ever happens.

You might be able to use the write privileges you have from the provided keys to update your authorized keys: add your key and remove the provided key.
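
The key swap described in the last paragraph, as an added example that is not part of the original answers. The function name and the file names `issued.pub` and `own.pub` are assumptions made for illustration; the key pair in `own.pub` is one you generated yourself on your own machine.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original answers).
# Preparation on your own machine:
#   ssh-keygen -t ed25519 -f ~/.ssh/id_own       # key pair only you hold
#   ssh-keygen -y -f issued_key > issued.pub     # public half of the issued key
# Then on the server:
#   rotate_authorized_key ~/.ssh/authorized_keys issued.pub own.pub

# pub_blob FILE: print the base64 key blob (second field) of a .pub file.
pub_blob() {
    awk 'NF >= 2 { print $2; exit }' "$1"
}

# rotate_authorized_key AUTH_FILE ISSUED_PUB OWN_PUB
# Drops every authorized_keys line carrying the issued key's blob (also when
# the line has an options prefix), then appends the self-generated key once.
rotate_authorized_key() {
    auth=$1
    old_blob=$(pub_blob "$2")
    new_blob=$(pub_blob "$3")
    if [ -z "$old_blob" ] || [ -z "$new_blob" ]; then
        echo "could not read a key blob from the .pub files" >&2
        return 1
    fi
    # Refuse the no-op that would leave the shared key in place.
    if [ "$old_blob" = "$new_blob" ]; then
        echo "own key is identical to the issued key" >&2
        return 1
    fi
    # Build the new file next to the old one so the final mv is atomic.
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    awk -v old="$old_blob" -v new="$new_blob" '
        { for (i = 1; i <= NF; i++) if ($i == old || $i == new) next
          print }' "$auth" > "$tmp" || { rm -f "$tmp"; return 1; }
    awk 'NF >= 2 { print; exit }' "$3" >> "$tmp"
    # sshd ignores key files that are writable by others (StrictModes).
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}
```

Keep the current session open until a fresh login with your own key succeeds, so a mistake cannot lock you out.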